From 43539483dac6c6bd353b2daf5d791bfb96a1a22e Mon Sep 17 00:00:00 2001 From: bussyjd Date: Sat, 23 May 2026 23:17:44 +0400 Subject: [PATCH] feat(monetizeapi): controller-gen as canonical CRD schema source MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes the entire class of "CRD YAML and Go struct drifted" bugs. PurchaseAutoRefill.MaxTotal was the most recent instance — it existed in purchaserequest-crd.yaml for months while internal/monetizeapi/ types.go didn't have the corresponding field. Without this commit, that pattern recurs by design: two sources of truth, one hand- maintained, no enforcement of agreement. Now Go is the single source of truth: - kubebuilder markers on every CRD-backed struct in types.go (validation, required, enum, pattern, printer columns, subresources) - `just generate` regenerates *-crd.yaml from those markers + zz_generated.deepcopy.go from object:generate=true - CI fails if `git status` is non-empty after `just generate` runs This commit also fixes the documented MaxTotal / MaxSpendPerDay drift by adding both fields to PurchaseAutoRefill — the generated CRD now matches the prior hand-written one and the controller can read them. Pinned controller-tools at v0.16.5 in tools/tools.go (compatible with client-go v0.34.x; a newer release would force prometheus/common through a panicking validation-scheme change). Generation is deterministic; running locally produces no diff after a clean checkout. For future CRD edits: 1. Edit types.go (add/change a field, update markers) 2. `just generate` 3. Commit both the Go and YAML diffs 4. CI verifies the YAML was committed PreSignedAuth.Payment is map[string]interface{} (opaque x402 payload), which controller-gen cannot deep-copy automatically; a hand-written DeepCopy lives in deepcopy_manual.go and the type is flagged object:generate=false. The hack/boilerplate.go.txt file is force-added past *.txt gitignore; it's an empty marker for now — add a copyright header later if the repo settles on one. --- .github/workflows/lint-test.yaml | 28 + go.mod | 41 +- go.sum | 78 +- hack/boilerplate.go.txt | 1 + .../base/templates/agent-crd.yaml | 245 +++--- .../base/templates/agentidentity-crd.yaml | 117 +-- .../base/templates/purchaserequest-crd.yaml | 354 ++++---- .../templates/registrationrequest-crd.yaml | 162 ++-- .../base/templates/serviceoffer-crd.yaml | 671 ++++++++------- internal/monetizeapi/deepcopy_manual.go | 58 ++ internal/monetizeapi/doc.go | 16 + internal/monetizeapi/types.go | 510 +++++++++--- internal/monetizeapi/zz_generated.deepcopy.go | 775 ++++++++++++++++++ justfile | 35 + tools/tools.go | 14 + 15 files changed, 2251 insertions(+), 854 deletions(-) create mode 100644 hack/boilerplate.go.txt create mode 100644 internal/monetizeapi/deepcopy_manual.go create mode 100644 internal/monetizeapi/doc.go create mode 100644 internal/monetizeapi/zz_generated.deepcopy.go create mode 100644 tools/tools.go diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 8a251e97..34895b32 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -43,3 +43,31 @@ jobs: - name: Run chart-testing (install) run: ct install --target-branch ${{ github.event.repository.default_branch }} + + generate-check: + name: CRD generation up-to-date + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Set up Go + uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 + with: + go-version-file: 'go.mod' + + - name: Set up just + uses: extractions/setup-just@dd310ad5a97d8e7b41793f8ef055398d51ad4de6 # v2.0.2 + + - name: Regenerate CRDs + DeepCopy + run: just generate + + - name: Fail if regeneration changed any tracked files + run: | + if [ -n "$(git status --porcelain)" ]; then + echo "::error::CRD manifests or DeepCopy methods are out of date." + echo "::error::Run 'just generate' locally and commit the result." + git status + git --no-pager diff + exit 1 + fi diff --git a/go.mod b/go.mod index 98f67795..28171102 100644 --- a/go.mod +++ b/go.mod @@ -15,19 +15,22 @@ require ( github.com/hf/nitrite v0.0.0-20241225144000-c2d5d3c4f303 github.com/hf/nsm v0.0.0-20220930140112-cd181bd646b9 github.com/mattn/go-isatty v0.0.20 - github.com/prometheus/client_golang v1.15.0 - github.com/prometheus/client_model v0.3.0 - github.com/prometheus/common v0.42.0 + github.com/prometheus/client_golang v1.19.1 + github.com/prometheus/client_model v0.6.1 + github.com/prometheus/common v0.55.0 github.com/santhosh-tekuri/jsonschema/v6 v6.0.2 github.com/shopspring/decimal v1.3.1 github.com/urfave/cli/v2 v2.27.5 github.com/urfave/cli/v3 v3.6.2 golang.org/x/crypto v0.46.0 + golang.org/x/net v0.48.0 golang.org/x/sys v0.39.0 golang.org/x/term v0.38.0 gopkg.in/yaml.v3 v3.0.1 + k8s.io/api v0.34.1 k8s.io/apimachinery v0.34.1 k8s.io/client-go v0.34.1 + sigs.k8s.io/controller-tools v0.16.5 ) require ( @@ -48,21 +51,22 @@ require ( github.com/crate-crypto/go-ipa v0.0.0-20240724233137-53bbb0ceb27a // indirect github.com/cucumber/gherkin/go/v26 v26.2.0 // indirect github.com/cucumber/messages/go/v21 v21.0.1 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/deckarep/golang-set/v2 v2.8.0 // indirect github.com/emicklei/go-restful/v3 v3.12.2 // indirect github.com/ethereum/c-kzg-4844/v2 v2.1.5 // indirect github.com/ethereum/go-verkle v0.2.2 // indirect + github.com/fatih/color v1.18.0 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect - github.com/go-logr/logr v1.4.2 // indirect + github.com/go-logr/logr v1.4.3 // indirect github.com/go-ole/go-ole v1.3.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.23.0 // indirect + github.com/gobuffalo/flect v1.0.3 // indirect github.com/gofrs/uuid v4.3.1+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/protobuf v1.5.4 // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-cmp v0.7.0 // indirect github.com/google/go-configfs-tsm v0.2.2 // indirect @@ -72,24 +76,25 @@ require ( github.com/hashicorp/go-memdb v1.3.4 // indirect github.com/hashicorp/golang-lru v0.5.4 // indirect github.com/holiman/uint256 v1.3.2 // indirect + github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect github.com/klauspost/compress v1.18.1 // indirect github.com/lucasb-eyer/go-colorful v1.2.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect github.com/mattn/go-runewidth v0.0.16 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect github.com/muesli/termenv v0.16.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/procfs v0.9.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/procfs v0.16.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.14.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible // indirect + github.com/spf13/cobra v1.9.1 // indirect github.com/spf13/pflag v1.0.10 // indirect github.com/supranational/blst v0.3.16 // indirect github.com/tklauser/go-sysconf v0.3.12 // indirect @@ -98,22 +103,24 @@ require ( github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect go.uber.org/multierr v1.11.0 // indirect - go.yaml.in/yaml/v2 v2.4.2 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect - golang.org/x/net v0.48.0 // indirect + golang.org/x/mod v0.30.0 // indirect golang.org/x/oauth2 v0.32.0 // indirect golang.org/x/sync v0.19.0 // indirect golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.14.0 // indirect + golang.org/x/tools v0.39.0 // indirect google.golang.org/protobuf v1.36.11 // indirect - gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect + gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect - k8s.io/api v0.34.1 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect + k8s.io/apiextensions-apiserver v0.31.2 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 // indirect + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect sigs.k8s.io/yaml v1.6.0 // indirect diff --git a/go.sum b/go.sum index c451ad0f..fd84f4a3 100644 --- a/go.sum +++ b/go.sum @@ -45,6 +45,7 @@ github.com/coinbase/x402/go v0.0.0-20260331075907-bff876de232a/go.mod h1:8xt63HO github.com/consensys/gnark-crypto v0.19.2 h1:qrEAIXq3T4egxqiliFFoNrepkIWVEeIYwt3UL0fvS80= github.com/consensys/gnark-crypto v0.19.2/go.mod h1:rT23F0XSZqE0mUA0+pRtnL56IbPxs6gp4CeRsBk4XS0= github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.6/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo= github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g= github.com/crate-crypto/go-eth-kzg v1.4.0 h1:WzDGjHk4gFg6YzV0rJOAsTK4z3Qkz5jd4RE3DAvPFkg= @@ -60,8 +61,9 @@ github.com/cucumber/messages/go/v21 v21.0.1 h1:wzA0LxwjlWQYZd32VTlAVDTkW6inOFmSM github.com/cucumber/messages/go/v21 v21.0.1/go.mod h1:zheH/2HS9JLVFukdrsPWoPdmUtmYQAQPLk7w5vWsk5s= github.com/cucumber/messages/go/v22 v22.0.0/go.mod h1:aZipXTKc0JnjCsXrJnuZpWhtay93k7Rn3Dee7iyPJjs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dchest/siphash v1.2.3 h1:QXwFc8cFOR2dSa/gE6o/HokBMWtLUaNDVd+22aKHeEA= github.com/dchest/siphash v1.2.3/go.mod h1:0NvQU092bT0ipiFN++/rXm69QG9tVxLAlQHIXMPAkHc= github.com/deckarep/golang-set/v2 v2.8.0 h1:swm0rlPCmdWn9mESxKOjWk8hXSqoxOp+ZlfuyaAdFlQ= @@ -88,6 +90,8 @@ github.com/ethereum/go-ethereum v1.16.7 h1:qeM4TvbrWK0UC0tgkZ7NiRsmBGwsjqc64BHo2 github.com/ethereum/go-ethereum v1.16.7/go.mod h1:Fs6QebQbavneQTYcA39PEKv2+zIjX7rPUZ14DER46wk= github.com/ethereum/go-verkle v0.2.2 h1:I2W0WjnrFUIzzVPwm8ykY+7pL2d4VhlsePn4j7cnFk8= github.com/ethereum/go-verkle v0.2.2/go.mod h1:M3b90YRnzqKyyzBEWJGqj8Qff4IDeXnzFw0P9bFw3uk= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/ferranbt/fastssz v0.1.4 h1:OCDB+dYDEQDvAgtAGnTSidK1Pe2tW3nFV40XyMkTeDY= github.com/ferranbt/fastssz v0.1.4/go.mod h1:Ea3+oeoRGGLGm5shYAeDgu6PGUlcvQhE2fILyD9+tGg= github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k= @@ -99,8 +103,8 @@ github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff h1:tY80oXqG github.com/gballet/go-libpcsclite v0.0.0-20190607065134-2772fd86a8ff/go.mod h1:x7DCsMOv1taUwEWCzT4cmDeAkigA5/QCwUodaVOe8Ww= github.com/getsentry/sentry-go v0.27.0 h1:Pv98CIbtB3LkMWmXi4Joa5OOcwbmnX88sF5qbK3r3Ps= github.com/getsentry/sentry-go v0.27.0/go.mod h1:lc76E2QywIyW8WuBnwl8Lc4bkmQH4+w1gwTf25trprY= -github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= -github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-ole/go-ole v1.2.5/go.mod h1:pprOEPIfldk/42T2oK7lQ4v4JSDwmV0As9GaiUsvbm0= github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= @@ -114,6 +118,8 @@ github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+Gr github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= +github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= +github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= @@ -123,10 +129,6 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.5.2 h1:YtQM7lnr8iZ+j5q71MGKkNw9Mn7AjHM68uc9g5fXeUI= github.com/golang-jwt/jwt/v4 v4.5.2/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= -github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/golang/snappy v1.0.0 h1:Oy607GVXHs7RtbggtPBnr2RmDArIsAefDwvrdWvRhGs= github.com/golang/snappy v1.0.0/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/google/gnostic-models v0.7.0 h1:qwTtogB15McXDaNqTZdzPJRHvaVJlAl+HVQnLmJEJxo= @@ -177,6 +179,7 @@ github.com/holiman/uint256 v1.3.2 h1:a9EgMPSC1AAaj1SZL5zIQD3WbwTuHrMGOerLjGmM/TA github.com/holiman/uint256 v1.3.2/go.mod h1:EOMSn4q6Nyt9P6efbI3bueV4e1b3dGlUCXeiRV4ng7E= github.com/huin/goupnp v1.3.0 h1:UvLUlWDNpoUdYzb2TCn+MuTWtcjXKSza2n6CBdQ0xXc= github.com/huin/goupnp v1.3.0/go.mod h1:gnGPsThkYa7bFi/KWmEysQRf48l2dvR5bxr2OFckNX8= +github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/influxdata/influxdb-client-go/v2 v2.4.0 h1:HGBfZYStlx3Kqvsv1h2pJixbCl/jhnFtxpKFAv9Tu5k= github.com/influxdata/influxdb-client-go/v2 v2.4.0/go.mod h1:vLNHdxTJkIf2mSLvGrpj8TCcISApPoXkaxP8g9uRlW8= @@ -217,8 +220,6 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-runewidth v0.0.16 h1:E5ScNMtiwvlvB5paMFdw9p4kSQzbXFikJ5SQO6TULQc= github.com/mattn/go-runewidth v0.0.16/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/minio/sha256-simd v1.0.0 h1:v1ta+49hkWZyvaKwrQB8elexRqm6Y0aMLjCNsrYxo6g= github.com/minio/sha256-simd v1.0.0/go.mod h1:OuYzVNI5vcoYIAmbIvHPl3N3jUzVedXbKy5RFepssQM= github.com/mitchellh/mapstructure v1.4.1 h1:CpVNEelQCZBooIPDn+AR3NpivK/TIKU8bDxdASFVQag= @@ -235,8 +236,12 @@ github.com/muesli/termenv v0.16.0 h1:S5AlUN9dENB57rsbnkPyfdGuWIlkmzJjbFf0Tf5FWUc github.com/muesli/termenv v0.16.0/go.mod h1:ZRfOIKPFDYQoDFF4Olj7/QJbW60Ol/kL1pU3VfY/Cnk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= +github.com/nxadm/tail v1.4.8 h1:nPr65rt6Y5JFSKQO7qToXr7pePgD6Gwiw05lkbyAQTE= +github.com/nxadm/tail v1.4.8/go.mod h1:+ncqLTQzXmGhMZNUePPaPqPvBxHAIsmXswZKocGu+AU= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= +github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= +github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= @@ -257,16 +262,17 @@ github.com/pion/transport/v3 v3.0.1 h1:gDTlPJwROfSfz6QfSi0ZmeCSkFcnWWiiR9ES0ouAN github.com/pion/transport/v3 v3.0.1/go.mod h1:UY7kiITrlMv7/IKgd5eTUcaahZx5oUN3l9SzK5f5xE0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.15.0 h1:5fCgGYogn0hFdhyhLbw7hEsWxufKtY9klyvdNfFlFhM= -github.com/prometheus/client_golang v1.15.0/go.mod h1:e9yaBhRPU2pPNsZwE+JdQl0KEt1N9XgF6zxWmaC0xOk= -github.com/prometheus/client_model v0.3.0 h1:UBgGFHqYdG/TPFD1B1ogZywDqEkwp3fBMvqdiQ7Xew4= -github.com/prometheus/client_model v0.3.0/go.mod h1:LDGWKZIo7rky3hgvBe+caln+Dr3dPggB5dvjtD7w9+w= -github.com/prometheus/common v0.42.0 h1:EKsfXEYo4JpWMHH5cg+KOUWeuJSov1Id8zGR8eeI1YM= -github.com/prometheus/common v0.42.0/go.mod h1:xBwqVerjNdUDjgODMpudtOMwlOwf2SaTr1yjz4b7Zbc= -github.com/prometheus/procfs v0.9.0 h1:wzCHvIvM5SxWqYvwgVL7yJY8Lz3PKn49KQtpgMYJfhI= -github.com/prometheus/procfs v0.9.0/go.mod h1:+pB4zwohETzFnmlpe6yd2lSc+0/46IYZRB/chUwxUZY= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= +github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/procfs v0.16.1 h1:hZ15bTNuirocR6u0JZ6BAHHmwS1p8B4P6MRqxtzMyRg= +github.com/prometheus/procfs v0.16.1/go.mod h1:teAbpZRB1iIAJYREa1LsoWUXykVXA1KlTmWl8x/U+Is= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= @@ -283,7 +289,10 @@ github.com/shirou/gopsutil v3.21.4-0.20210419000835-c7a38de76ee5+incompatible/go github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= +github.com/spf13/cobra v1.9.1 h1:CXSaggrXdbHK9CF+8ywj8Amf7PBRmPCOJugH954Nnlo= +github.com/spf13/cobra v1.9.1/go.mod h1:nDyEzZ8ogv936Cinf6g1RU9MRY64Ir93oCnqb9wxYW0= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= +github.com/spf13/pflag v1.0.6/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.7/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -323,8 +332,8 @@ go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -338,6 +347,8 @@ golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPI golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= @@ -346,7 +357,6 @@ golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.32.0 h1:jsCblLleRMDrxMN29H3z/k1KliIvpLgCkE6R8FXXNgY= golang.org/x/oauth2 v0.32.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -379,6 +389,10 @@ golang.org/x/tools v0.0.0-20210105210202-9ed45478a130/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= +golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM= +golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM= +golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated/go.mod h1:RVAQXBGNv1ib0J382/DPCRS/BPnsGebyM1Gj5VSDpG8= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -388,12 +402,14 @@ google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= -gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= -gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= +gopkg.in/evanphx/json-patch.v4 v4.13.0 h1:czT3CmqEaQ1aanPc5SdlgQrrEIb8w/wwCvWWnfEbYzo= +gopkg.in/evanphx/json-patch.v4 v4.13.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/natefinch/lumberjack.v2 v2.2.1 h1:bBRl1b0OH9s/DuPhuXpNl+VtCaJXFZ5/uEFST95x9zc= gopkg.in/natefinch/lumberjack.v2 v2.2.1/go.mod h1:YD8tP3GAjkrDg1eZH7EGmyESg/lsYskCTPBJVb9jqSc= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ= +gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -401,18 +417,22 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= k8s.io/api v0.34.1 h1:jC+153630BMdlFukegoEL8E/yT7aLyQkIVuwhmwDgJM= k8s.io/api v0.34.1/go.mod h1:SB80FxFtXn5/gwzCoN6QCtPD7Vbu5w2n1S0J5gFfTYk= +k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= +k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= k8s.io/apimachinery v0.34.1 h1:dTlxFls/eikpJxmAC7MVE8oOeP1zryV7iRyIjB0gky4= k8s.io/apimachinery v0.34.1/go.mod h1:/GwIlEcWuTX9zKIg2mbw0LRFIsXwrfoVxn+ef0X13lw= k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912 h1:Y3gxNAuB0OBLImH611+UDZcmKS3g6CthxToOb37KgwE= +k8s.io/kube-openapi v0.0.0-20250910181357-589584f1c912/go.mod h1:kdmbQkyfwUagLfXIad1y2TdrjPFWp2Q89B3qkRwf/pQ= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= +sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= diff --git a/hack/boilerplate.go.txt b/hack/boilerplate.go.txt new file mode 100644 index 00000000..8c47ec39 --- /dev/null +++ b/hack/boilerplate.go.txt @@ -0,0 +1 @@ +// Code generated by controller-gen. DO NOT EDIT. diff --git a/internal/embed/infrastructure/base/templates/agent-crd.yaml b/internal/embed/infrastructure/base/templates/agent-crd.yaml index 510d4d0c..8338c0d6 100644 --- a/internal/embed/infrastructure/base/templates/agent-crd.yaml +++ b/internal/embed/infrastructure/base/templates/agent-crd.yaml @@ -1,12 +1,9 @@ --- -# Agent CRD -# Declarative spec for an Obol Stack agent (Hermes today, OpenClaw later). -# Decouples agent lifecycle from selling — `obol sell agent ` references -# an existing Agent rather than provisioning one inline. Internal manager -# agents with RBAC can also create Agent resources to spawn sub-agents. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 name: agents.obol.org spec: group: obol.org @@ -14,103 +11,151 @@ spec: kind: Agent listKind: AgentList plural: agents - singular: agent shortNames: - - ag + - ag + singular: agent scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Runtime - type: string - jsonPath: .spec.runtime - - name: Model - type: string - jsonPath: .status.pinnedModel - - name: Wallet - type: string - jsonPath: .status.walletAddress - - name: Phase - type: string - jsonPath: .status.phase - - name: Ready - type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - runtime: - type: string - enum: - - hermes - default: hermes - description: "Agent runtime (only hermes today; openclaw planned)" - model: + - additionalPrinterColumns: + - jsonPath: .spec.runtime + name: Runtime + type: string + - jsonPath: .status.pinnedModel + name: Model + type: string + - jsonPath: .status.walletAddress + name: Wallet + type: string + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Agent is the declarative spec for an Obol Stack agent (Hermes today, + OpenClaw later). Decouples agent lifecycle from selling: `obol sell + agent ` references an existing Agent rather than provisioning + one inline. Internal manager agents with RBAC can also create Agent + resources to spawn sub-agents. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + model: + description: |- + LiteLLM model name to pin. Empty = controller picks cluster + top-of-rank on first deploy and writes status.pinnedModel. + maxLength: 256 + type: string + objective: + description: |- + Operator-supplied objective text. Substituted into the SOUL.md + template by the seeder on first write. Agent owns SOUL.md after that. + maxLength: 4096 + type: string + runtime: + default: hermes + description: Agent runtime (only hermes today; openclaw planned). + enum: + - hermes + type: string + skills: + description: |- + Allow-listed skills written to the per-agent skills dir on first + reconcile. Agent can edit afterwards; this is a seed, not a sandbox. + items: + maxLength: 64 + pattern: ^[a-z0-9][a-z0-9-]*$ type: string - maxLength: 256 - description: "LiteLLM model name to pin. Empty = controller picks cluster top-of-rank on first deploy and writes status.pinnedModel." - skills: - type: array - maxItems: 64 - items: - type: string - pattern: "^[a-z0-9][a-z0-9-]*$" - maxLength: 64 - description: "Allow-listed skills written to the per-agent skills dir on first reconcile. Agent can edit afterwards; this is a seed, not a sandbox." - objective: - type: string - maxLength: 4096 - description: "Operator-supplied objective text. Substituted into the SOUL.md template by the seeder on first write. Agent owns SOUL.md after that." - wallet: - type: object + maxItems: 64 + type: array + wallet: + properties: + create: + default: false + description: |- + Provision a per-namespace remote-signer keystore. Address is + published in status.walletAddress. + type: boolean + type: object + type: object + status: + properties: + conditions: + items: properties: - create: - type: boolean - default: false - description: "Provision a per-namespace remote-signer keystore. Address is published in status.walletAddress." - status: - type: object - properties: - observedGeneration: - type: integer - format: int64 - phase: - type: string - description: "Pending | Provisioning | Ready | Failed" - pinnedModel: - type: string - description: "Actual model the agent is using (= spec.model when set, otherwise the auto-picked top-of-rank)." - walletAddress: - type: string - pattern: "^(0x[0-9a-fA-F]{40})?$" - description: "Agent's signing address when wallet.create=true. Empty otherwise." - endpoint: - type: string - description: "Cluster-internal URL for the agent runtime (e.g. http://hermes.agent-quant.svc.cluster.local:8642)." - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastTransitionTime: - type: string - format: date-time + lastTransitionTime: + description: Last time the condition transitioned. + format: date-time + type: string + message: + description: Human-readable message with details. + type: string + reason: + description: Machine-readable reason for the condition. + type: string + status: + description: Status of the condition. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Condition type. + type: string + required: + - status + - type + type: object + type: array + endpoint: + description: |- + Cluster-internal URL for the agent runtime (e.g. + http://hermes.agent-quant.svc.cluster.local:8642). + type: string + observedGeneration: + format: int64 + type: integer + phase: + description: Pending | Provisioning | Ready | Failed + type: string + pinnedModel: + description: |- + Actual model the agent is using (= spec.model when set, otherwise + the auto-picked top-of-rank). + type: string + walletAddress: + description: Agent's signing address when wallet.create=true. Empty + otherwise. + pattern: ^(0x[0-9a-fA-F]{40})?$ + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/embed/infrastructure/base/templates/agentidentity-crd.yaml b/internal/embed/infrastructure/base/templates/agentidentity-crd.yaml index 29ad8c03..fa9fc2bc 100644 --- a/internal/embed/infrastructure/base/templates/agentidentity-crd.yaml +++ b/internal/embed/infrastructure/base/templates/agentidentity-crd.yaml @@ -1,13 +1,9 @@ --- -# AgentIdentity CRD -# Durable ERC-8004 agent identity document. Outlives ServiceOffers: when the -# last offer is deleted, the controller renders a tombstone (active:false, -# x402Support:false) instead of removing the registration document. The -# canonical operator identity lives at x402/default and status.registrations -# records the on-chain agentId for each registered chain. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 name: agentidentities.obol.org spec: group: obol.org @@ -15,48 +11,73 @@ spec: kind: AgentIdentity listKind: AgentIdentityList plural: agentidentities - singular: agentidentity shortNames: - - aid + - aid + singular: agentidentity scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Chains - type: string - jsonPath: .status.registrations[*].chain - - name: AgentIDs - type: string - jsonPath: .status.registrations[*].agentId - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - status: - type: object - properties: - registrations: - type: array - description: "Per-chain ERC-8004 registrations for this identity document." - items: - type: object - required: - - chain - - agentId - properties: - chain: - type: string - maxLength: 64 - description: "ERC-8004 registration chain alias." - agentId: - type: string - description: "On-chain ERC-721 tokenId on the given chain." + - additionalPrinterColumns: + - jsonPath: .status.registrations[*].chain + name: Chains + type: string + - jsonPath: .status.registrations[*].agentId + name: AgentIDs + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + AgentIdentity is the durable, on-chain identity an operator controls in + the ERC-8004 Identity Registry. A single AgentIdentity outlives + ServiceOffers: deleting the last ServiceOffer that references it does + not delete the NFT, the published registration document, or the + recorded agentId; instead the renderer publishes a tombstone + (active:false, x402Support:false) so external observers still see the + historical record. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + type: object + status: + properties: + registrations: + description: Per-chain ERC-8004 registrations for this identity document. + items: + properties: + agentId: + description: On-chain ERC-721 tokenId on the given chain. + type: string + chain: + description: ERC-8004 registration chain alias. + maxLength: 64 + type: string + required: + - agentId + - chain + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/embed/infrastructure/base/templates/purchaserequest-crd.yaml b/internal/embed/infrastructure/base/templates/purchaserequest-crd.yaml index 49bb7359..af32f441 100644 --- a/internal/embed/infrastructure/base/templates/purchaserequest-crd.yaml +++ b/internal/embed/infrastructure/base/templates/purchaserequest-crd.yaml @@ -1,6 +1,9 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 name: purchaserequests.obol.org spec: group: obol.org @@ -8,162 +11,221 @@ spec: kind: PurchaseRequest listKind: PurchaseRequestList plural: purchaserequests - singular: purchaserequest shortNames: - - pr + - pr + singular: purchaserequest scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Endpoint - type: string - jsonPath: .spec.endpoint - - name: Model - type: string - jsonPath: .spec.model - - name: Price - type: string - jsonPath: .spec.payment.price - - name: Remaining - type: integer - jsonPath: .status.remaining - - name: Spent - type: integer - jsonPath: .status.spent - - name: Ready - type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - required: [endpoint, model, count, payment] - properties: - endpoint: - type: string - description: "Full URL to the x402-gated inference endpoint" - model: - type: string - description: "Remote model ID (used as paid/ in LiteLLM)" - count: - type: integer - minimum: 1 - maximum: 2500 - description: "Number of pre-signed auths to create" - preSignedAuths: - type: array - description: "Pre-signed x402 payments (legacy ERC-3009 auths still supported)" - items: - type: object - properties: - id: { type: string } - payment: - type: object - x-kubernetes-preserve-unknown-fields: true - signature: { type: string } - from: { type: string } - to: { type: string } - value: { type: string } - validAfter: { type: string } - validBefore: { type: string } - nonce: { type: string } - autoRefill: - type: object + - additionalPrinterColumns: + - jsonPath: .spec.endpoint + name: Endpoint + type: string + - jsonPath: .spec.model + name: Model + type: string + - jsonPath: .spec.payment.price + name: Price + type: string + - jsonPath: .status.remaining + name: Remaining + type: integer + - jsonPath: .status.spent + name: Spent + type: integer + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + PurchaseRequest is the buyer-side request for pre-signed x402 auths + against a remote inference endpoint. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + autoRefill: + description: |- + PurchaseAutoRefill drives the agent-managed auto-refill policy for a + PurchaseRequest. The reconciler reads MaxTotal + MaxSpendPerDay as + budget caps before signing more auths; without these fields populated + the agent will not auto-refill beyond the initial Count. + properties: + count: + description: Number of auths to sign on refill. + minimum: 1 + type: integer + enabled: + default: false + type: boolean + maxSpendPerDay: + description: Max micro-USDC spend per day. + type: string + maxTotal: + description: Cap total auths ever signed. + type: integer + threshold: + description: Refill when remaining < threshold. + minimum: 0 + type: integer + type: object + count: + description: Number of pre-signed auths to create. + maximum: 2500 + minimum: 1 + type: integer + endpoint: + description: Full URL to the x402-gated inference endpoint. + type: string + model: + description: Remote model ID (used as paid/ in LiteLLM). + type: string + payment: + properties: + asset: + description: ERC-20 contract address. + type: string + assetDecimals: + description: Token decimals in atomic units. + format: int64 + type: integer + assetSymbol: + description: Human-friendly token symbol (e.g. USDC, OBOL). + type: string + assetTransferMethod: + description: x402 transfer method used for this asset. + type: string + eip712Name: + description: EIP-712 domain name used for signing. + type: string + eip712Version: + description: EIP-712 domain version used for signing. + type: string + network: + type: string + payTo: + type: string + price: + description: Atomic token units per request. + type: string + required: + - asset + - network + - payTo + - price + type: object + preSignedAuths: + description: Pre-signed x402 payments (legacy ERC-3009 auths still + supported). + items: + description: |- + PreSignedAuth carries a pre-signed x402 payment authorization. The + Payment map is opaque (forwarded verbatim to the buyer sidecar / x402 + facilitator) which can't be deep-copied by controller-gen; DeepCopy + methods for this type are hand-written in deepcopy_manual.go. properties: - enabled: - type: boolean - default: false - threshold: - type: integer - minimum: 0 - description: "Refill when remaining < threshold" - count: - type: integer - minimum: 1 - description: "Number of auths to sign on refill" - maxTotal: - type: integer - description: "Cap total auths ever signed" - maxSpendPerDay: + from: type: string - description: "Max micro-USDC spend per day" - payment: - type: object - required: [network, payTo, price, asset] - properties: - network: + id: + type: string + nonce: type: string - payTo: + payment: + x-kubernetes-preserve-unknown-fields: true + signature: type: string - price: + to: type: string - description: "Atomic token units per request" - asset: + validAfter: type: string - description: "ERC-20 contract address" - assetSymbol: + validBefore: type: string - description: "Human-friendly token symbol (e.g. USDC, OBOL)" - assetDecimals: - type: integer - description: "Token decimals in atomic units" - assetTransferMethod: + value: type: string - description: "x402 transfer method used for this asset" - eip712Name: + type: object + type: array + required: + - count + - endpoint + - model + - payment + type: object + status: + properties: + conditions: + items: + properties: + lastTransitionTime: + description: Last time the condition transitioned. + format: date-time + type: string + message: + description: Human-readable message with details. type: string - description: "EIP-712 domain name used for signing" - eip712Version: + reason: + description: Machine-readable reason for the condition. type: string - description: "EIP-712 domain version used for signing" - status: - type: object - properties: - observedGeneration: - type: integer - format: int64 - conditions: - type: array - items: - type: object - properties: - type: - type: string - status: - type: string - reason: - type: string - message: - type: string - lastTransitionTime: - type: string - format: date-time - publicModel: - type: string - description: "LiteLLM model name (paid/)" - remaining: - type: integer - spent: - type: integer - totalSigned: - type: integer - totalSpent: - type: string - probedAt: - type: string - format: date-time - probedPrice: - type: string - walletBalance: - type: string - signerAddress: - type: string + status: + description: Status of the condition. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: Condition type. + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + probedAt: + format: date-time + type: string + probedPrice: + type: string + publicModel: + description: LiteLLM model name (paid/). + type: string + remaining: + type: integer + signerAddress: + type: string + spent: + type: integer + totalSigned: + type: integer + totalSpent: + type: string + walletBalance: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/embed/infrastructure/base/templates/registrationrequest-crd.yaml b/internal/embed/infrastructure/base/templates/registrationrequest-crd.yaml index b6266db2..8ac1a00c 100644 --- a/internal/embed/infrastructure/base/templates/registrationrequest-crd.yaml +++ b/internal/embed/infrastructure/base/templates/registrationrequest-crd.yaml @@ -1,10 +1,9 @@ --- -# RegistrationRequest CRD -# Isolates ERC-8004 publication and on-chain side effects from the main -# ServiceOffer reconciliation loop. ServiceOffer remains the source of truth. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 name: registrationrequests.obol.org spec: group: obol.org @@ -12,74 +11,95 @@ spec: kind: RegistrationRequest listKind: RegistrationRequestList plural: registrationrequests - singular: registrationrequest shortNames: - - rr + - rr + singular: registrationrequest scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Offer - type: string - jsonPath: .spec.serviceOfferName - - name: State - type: string - jsonPath: .spec.desiredState - - name: Phase - type: string - jsonPath: .status.phase - - name: AgentID - type: string - jsonPath: .status.agentId - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - properties: - spec: - type: object - required: - - serviceOfferName - - serviceOfferNamespace - - desiredState - properties: - serviceOfferName: - type: string - serviceOfferNamespace: - type: string - desiredState: - type: string - enum: - - Active - - Tombstoned - chain: - type: string - description: "ERC-8004 registration chain alias for this request." - status: - type: object - properties: - phase: - type: string - message: - type: string - publishedUrl: - type: string - agentId: - type: string - registrationTxHash: - type: string - registrationOwner: - type: string - registrationUri: - type: string - registrationSearchFromBlock: - type: integer - format: int64 - metadataSynced: - type: boolean + - additionalPrinterColumns: + - jsonPath: .spec.serviceOfferName + name: Offer + type: string + - jsonPath: .spec.desiredState + name: State + type: string + - jsonPath: .status.phase + name: Phase + type: string + - jsonPath: .status.agentId + name: AgentID + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + RegistrationRequest isolates ERC-8004 publication and on-chain side + effects from the main ServiceOffer reconciliation loop. ServiceOffer + remains the source of truth. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + chain: + description: ERC-8004 registration chain alias for this request. + type: string + desiredState: + enum: + - Active + - Tombstoned + type: string + serviceOfferName: + type: string + serviceOfferNamespace: + type: string + required: + - desiredState + - serviceOfferName + - serviceOfferNamespace + type: object + status: + properties: + agentId: + type: string + message: + type: string + metadataSynced: + type: boolean + phase: + type: string + publishedUrl: + type: string + registrationOwner: + type: string + registrationSearchFromBlock: + format: int64 + type: integer + registrationTxHash: + type: string + registrationUri: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/embed/infrastructure/base/templates/serviceoffer-crd.yaml b/internal/embed/infrastructure/base/templates/serviceoffer-crd.yaml index 5b37ba23..9bac5643 100644 --- a/internal/embed/infrastructure/base/templates/serviceoffer-crd.yaml +++ b/internal/embed/infrastructure/base/templates/serviceoffer-crd.yaml @@ -1,15 +1,9 @@ --- -# ServiceOffer CRD -# Defines a compute service the agent can expose, gate with x402, and register on-chain. -# Condition lifecycle: ModelReady -> UpstreamHealthy -> PaymentGateReady -> RoutePublished -> Registered -> Ready -# -# Field naming conventions: -# - payment.* fields align with x402 PaymentRequirements (V2): payTo, network, scheme, maxTimeoutSeconds -# - registration.* fields align with ERC-8004 AgentRegistration: name, description, services, supportedTrust -# - Human-friendly values (e.g., "base-sepolia") are used; the reconciler translates to wire format apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 name: serviceoffers.obol.org spec: group: obol.org @@ -17,354 +11,355 @@ spec: kind: ServiceOffer listKind: ServiceOfferList plural: serviceoffers - singular: serviceoffer shortNames: - - so + - so + singular: serviceoffer scope: Namespaced versions: - - name: v1alpha1 - served: true - storage: true - subresources: - status: {} - additionalPrinterColumns: - - name: Type - type: string - jsonPath: .spec.type - - name: Model - type: string - jsonPath: .spec.model.name - - name: Price - type: string - jsonPath: .spec.payment.price.perRequest - - name: Network - type: string - jsonPath: .spec.payment.network - - name: Ready - type: string - jsonPath: .status.conditions[?(@.type=="Ready")].status - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - schema: - openAPIV3Schema: - type: object - description: >- - ServiceOffer declares a compute service that can be exposed publicly, - gated with x402 payments, and optionally registered on an ERC-8004 - service registry. Field names align with x402 and ERC-8004 standards. - properties: - spec: - type: object - required: - - payment - # upstream is required for type=http|inference|fine-tuning but - # synthesized by the controller from Agent.status.endpoint when - # type=agent. Validation of "upstream OR agent.ref" lives in - # the controller's runtime check. - properties: - type: - type: string - description: >- - Service type. 'inference' enables model management; 'http' for any HTTP service; - 'agent' references an Agent CR via spec.agent.ref and the controller derives - upstream + model + skills from the agent's status. - default: "http" - enum: - - inference - - fine-tuning - - http - - agent - agent: - type: object - description: >- - Required when type='agent'. The controller resolves spec.agent.ref to the - referenced Agent CR, derives upstream from Agent.status.endpoint, and surfaces - the agent's pinned model + skills in the 402 response's extra block. - properties: - ref: - type: object - required: - - name - - namespace - properties: - name: - type: string - namespace: - type: string - model: - type: object - description: "LLM model metadata. Required when the upstream serves an LLM." - required: + - additionalPrinterColumns: + - jsonPath: .spec.type + name: Type + type: string + - jsonPath: .spec.model.name + name: Model + type: string + - jsonPath: .spec.payment.price.perRequest + name: Price + type: string + - jsonPath: .spec.payment.network + name: Network + type: string + - jsonPath: .status.conditions[?(@.type=="Ready")].status + name: Ready + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + ServiceOffer declares a compute service that can be exposed publicly, + gated with x402 payments, and optionally registered on an ERC-8004 + service registry. Field names align with x402 and ERC-8004 standards. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + agent: + description: |- + Required when type='agent'. The controller resolves spec.agent.ref to + the referenced Agent CR, derives upstream from Agent.status.endpoint, + and surfaces the agent's pinned model + skills in the 402 response. + properties: + ref: + properties: + name: + type: string + namespace: + type: string + required: - name - - runtime - properties: - name: - type: string - description: "Model identifier (e.g. qwen3.5:35b)." - runtime: - type: string - description: "Runtime serving the model." - enum: - - ollama - - vllm - - tgi - upstream: - type: object - description: "In-cluster service that handles the actual workload." - required: - - service - namespace - - port - properties: - service: - type: string - description: "Kubernetes Service name." - namespace: - type: string - description: "Namespace of the upstream Service." - port: - type: integer - description: "Port on the upstream Service." - default: 11434 - minimum: 1 - maximum: 65535 - healthPath: - type: string - description: "HTTP path used for health probes against the upstream." - default: "/health" - payment: - type: object - description: >- - x402 payment terms. Field names align with x402 PaymentRequirements (V2): - payTo, network, scheme, maxTimeoutSeconds. - required: - - network - - payTo - - price - properties: - scheme: - type: string - description: "x402 payment scheme." - default: "exact" - enum: - - exact - network: + type: object + type: object + model: + description: LLM model metadata. Required when the upstream serves + an LLM. + properties: + name: + description: Model identifier (e.g. qwen3.5:35b). + type: string + runtime: + description: Runtime serving the model. + enum: + - ollama + - vllm + - tgi + type: string + required: + - name + - runtime + type: object + path: + description: URL path prefix for the HTTPRoute, defaults to /services/. + pattern: ^/[a-zA-Z0-9/_.-]*$ + type: string + payment: + properties: + asset: + description: |- + Optional token metadata override for x402 settlement. When omitted, + the verifier uses the chain default asset. + properties: + address: + description: ERC-20 contract address. + pattern: ^0x[0-9a-fA-F]{40}$ + type: string + decimals: + description: Token decimals in atomic units. + format: int64 + maximum: 255 + minimum: 0 + type: integer + eip712Name: + description: EIP-712 domain name used by the token. + type: string + eip712Version: + description: EIP-712 domain version used by the token. + type: string + symbol: + description: Human-friendly token symbol (e.g. USDC, OBOL). + type: string + transferMethod: + description: x402 transfer method for the asset. + enum: + - eip3009 + - permit2 + type: string + type: object + maxTimeoutSeconds: + default: 300 + description: 'Payment validity window in seconds (x402: maxTimeoutSeconds).' + format: int64 + type: integer + network: + description: |- + Chain identifier for payments (human-friendly). Reconciler resolves + to CAIP-2 format (e.g., "base-sepolia" → "eip155:84532"). + type: string + payTo: + description: 'USDC recipient wallet address (x402: payTo).' + pattern: ^0x[0-9a-fA-F]{40}$ + type: string + price: + description: |- + Pricing table with per-unit prices in USDC (human-readable decimals). + Which fields are applicable depends on the workload type. + properties: + perEpoch: + description: Per-training-epoch price in USDC. Fine-tuning + only. + type: string + perHour: + description: Per-compute-hour price in USDC. Fine-tuning only. + type: string + perMTok: + description: Per-million-tokens price in USDC. Inference only. + type: string + perRequest: + description: Flat per-request price in USDC. Applicable to + all types. + type: string + type: object + scheme: + default: exact + description: x402 payment scheme. + enum: + - exact + type: string + required: + - network + - payTo + - price + type: object + provenance: + additionalProperties: + type: string + description: |- + Optional provenance metadata for the service. Tracks how the model or + service was produced (e.g. autoresearch experiment data). Included in + the ERC-8004 registration document when present. + type: object + registration: + description: |- + ERC-8004 registration metadata. Field names align with the + AgentRegistration document schema (ERC-8004 spec). + properties: + description: + description: 'Agent description (ERC-8004: AgentRegistration.description).' + type: string + domains: + description: |- + OASF domains for discovery (e.g. technology/artificial_intelligence). + Mapped to an OASF service entry in the registration JSON. + items: type: string - description: >- - Chain identifier for payments (human-friendly). - Reconciler resolves to CAIP-2 format (e.g., "base-sepolia" → "eip155:84532"). - payTo: + type: array + enabled: + default: false + description: If true, register on ERC-8004 after routing is live. + type: boolean + image: + description: 'Agent icon URL (ERC-8004: AgentRegistration.image).' + type: string + metadata: + additionalProperties: type: string - description: "USDC recipient wallet address (x402: payTo)." - pattern: "^0x[0-9a-fA-F]{40}$" - maxTimeoutSeconds: - type: integer - description: "Payment validity window in seconds (x402: maxTimeoutSeconds)." - default: 300 - asset: - type: object - description: >- - Optional token metadata override for x402 settlement. - When omitted, the verifier uses the chain default asset. + description: |- + Additional registration metadata published into the generated + agent-registration.json for discovery and ranking. + type: object + name: + description: 'Agent name (ERC-8004: AgentRegistration.name).' + type: string + services: + description: 'Service endpoints (ERC-8004: AgentRegistration.services[]).' + items: properties: - address: - type: string - description: "ERC-20 contract address." - pattern: "^0x[0-9a-fA-F]{40}$" - symbol: + endpoint: + description: Service URL. Auto-filled from tunnel URL if + empty. type: string - description: "Human-friendly token symbol (e.g. USDC, OBOL)." - decimals: - type: integer - description: "Token decimals in atomic units." - minimum: 0 - maximum: 255 - transferMethod: - type: string - description: "x402 transfer method for the asset." - enum: - - eip3009 - - permit2 - eip712Name: + name: + description: 'Service type: web, A2A, MCP, OASF, ENS, DID, + email.' type: string - description: "EIP-712 domain name used by the token." - eip712Version: + version: + description: Protocol version (SHOULD per ERC-8004 spec). type: string - description: "EIP-712 domain version used by the token." - price: + required: + - endpoint + - name type: object - description: >- - Pricing table with per-unit prices in USDC (human-readable decimals). - Which fields are applicable depends on the workload type. - properties: - perRequest: - type: string - description: "Flat per-request price in USDC. Applicable to all types." - perMTok: - type: string - description: "Per-million-tokens price in USDC. Inference only." - perHour: - type: string - description: "Per-compute-hour price in USDC. Fine-tuning only." - perEpoch: - type: string - description: "Per-training-epoch price in USDC. Fine-tuning only." - provenance: - type: object - description: >- - Optional provenance metadata for the service. Tracks how the - model or service was produced (e.g. autoresearch experiment data). - Included in the ERC-8004 registration document when present. - properties: - framework: - type: string - description: "Optimization framework (e.g. autoresearch)." - metricName: - type: string - description: "Name of the primary quality metric (e.g. val_bpb)." - metricValue: + type: array + skills: + description: |- + OASF skills for discovery (e.g. + natural_language_processing/text_generation). Mapped to an OASF + service entry in the registration JSON. + items: type: string - description: "Primary quality metric value (e.g. 0.9973)." - experimentId: + type: array + supportedTrust: + description: |- + Trust verification methods (ERC-8004: AgentRegistration.supportedTrust[]). + Valid values: reputation, crypto-economic, tee-attestation. + items: type: string - description: "Experiment or commit identifier." - trainHash: + type: array + type: object + type: + default: http + description: |- + Service type. 'inference' enables model management; 'http' for any HTTP + service; 'agent' references an Agent CR via spec.agent.ref and the + controller derives upstream + model + skills from the agent's status. + enum: + - inference + - fine-tuning + - http + - agent + type: string + upstream: + description: In-cluster service that handles the actual workload. + properties: + healthPath: + default: /health + description: HTTP path used for health probes against the upstream. + type: string + namespace: + description: Namespace of the upstream Service. + type: string + port: + default: 11434 + description: Port on the upstream Service. + format: int64 + maximum: 65535 + minimum: 1 + type: integer + service: + description: Kubernetes Service name. + type: string + required: + - namespace + - port + - service + type: object + required: + - payment + type: object + status: + properties: + agentId: + description: ERC-8004 agent NFT token ID after on-chain registration. + type: string + agentResolution: + description: |- + Controller's resolved view of an agent-type offer's referenced Agent. + Populated only when type=agent and the Agent is Ready. + properties: + endpoint: + type: string + model: + type: string + runtime: + type: string + skills: + items: type: string - description: "SHA-256 hash of the training code that produced this model." - paramCount: - type: string - description: "Model parameter count (e.g. 50M, 1.3B)." - path: - type: string - description: "URL path prefix for the HTTPRoute, defaults to /services/." - pattern: "^/[a-zA-Z0-9/_.-]*$" - registration: - type: object - description: >- - ERC-8004 registration metadata. Field names align with the - AgentRegistration document schema (ERC-8004 spec). + type: array + type: object + conditions: + description: |- + Condition types: ModelReady, UpstreamHealthy, PaymentGateReady, + RoutePublished, Registered, Ready. + items: properties: - enabled: - type: boolean - description: "If true, register on ERC-8004 after routing is live." - default: false - name: + lastTransitionTime: + description: Last time the condition transitioned. + format: date-time type: string - description: "Agent name (ERC-8004: AgentRegistration.name)." - description: + message: + description: Human-readable message with details. type: string - description: "Agent description (ERC-8004: AgentRegistration.description)." - image: + reason: + description: Machine-readable reason for the condition. type: string - description: "Agent icon URL (ERC-8004: AgentRegistration.image)." - services: - type: array - description: "Service endpoints (ERC-8004: AgentRegistration.services[])." - items: - type: object - required: - - name - - endpoint - properties: - name: - type: string - description: "Service type: web, A2A, MCP, OASF, ENS, DID, email." - endpoint: - type: string - description: "Service URL. Auto-filled from tunnel URL if empty." - version: - type: string - description: "Protocol version (SHOULD per ERC-8004 spec)." - skills: - type: array - description: >- - OASF skills for discovery (e.g. natural_language_processing/text_generation). - Mapped to an OASF service entry in the registration JSON. - items: - type: string - domains: - type: array - description: >- - OASF domains for discovery (e.g. technology/artificial_intelligence). - Mapped to an OASF service entry in the registration JSON. - items: - type: string - supportedTrust: - type: array - description: >- - Trust verification methods (ERC-8004: AgentRegistration.supportedTrust[]). - Valid values: reputation, crypto-economic, tee-attestation. - items: - type: string - metadata: - type: object - description: >- - Additional registration metadata published into the generated - agent-registration.json for discovery and ranking (for example: - gpu, framework, best_val_bpb, total_experiments). - additionalProperties: - type: string - status: - type: object - properties: - conditions: - type: array - description: >- - Condition types: ModelReady, UpstreamHealthy, PaymentGateReady, - RoutePublished, Registered, Ready. - items: - type: object - required: - - type - - status - properties: - type: - type: string - description: "Condition type." - status: - type: string - description: "Status of the condition." - enum: - - "True" - - "False" - - "Unknown" - reason: - type: string - description: "Machine-readable reason for the condition." - message: - type: string - description: "Human-readable message with details." - lastTransitionTime: - type: string - format: date-time - description: "Last time the condition transitioned." - endpoint: - type: string - description: "The public endpoint URL once the route is published." - agentId: - type: string - description: "ERC-8004 agent NFT token ID after on-chain registration." - registrationTxHash: - type: string - description: "Transaction hash of the ERC-8004 registration." - observedGeneration: - type: integer - format: int64 - description: "The generation observed by the controller." - agentResolution: - type: object - description: >- - Controller's resolved view of an agent-type offer's referenced - Agent. Populated only when type=agent and the Agent is Ready. - properties: - model: - type: string - skills: - type: array - items: - type: string - runtime: + status: + description: Status of the condition. + enum: + - "True" + - "False" + - Unknown type: string - endpoint: + type: + description: Condition type. type: string + required: + - status + - type + type: object + type: array + endpoint: + description: The public endpoint URL once the route is published. + type: string + observedGeneration: + description: The generation observed by the controller. + format: int64 + type: integer + registrationTxHash: + description: Transaction hash of the ERC-8004 registration. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/internal/monetizeapi/deepcopy_manual.go b/internal/monetizeapi/deepcopy_manual.go new file mode 100644 index 00000000..89636588 --- /dev/null +++ b/internal/monetizeapi/deepcopy_manual.go @@ -0,0 +1,58 @@ +package monetizeapi + +// PreSignedAuth deep-copy is hand-written because its Payment field is +// an opaque map[string]interface{} (controller-gen can't deep-copy +// untyped JSON). The type is excluded from generation via the +// object-generate=false marker in types.go. + +// DeepCopyInto copies the receiver into out. The Payment map is +// shallow-copied; values inside the map are JSON-serializable scalars / +// maps / slices passed through to the buyer sidecar, so a shallow copy +// is sufficient for the controller's deep-copy contract (no internal +// pointer aliasing into caller-owned mutable structures). +func (in *PreSignedAuth) DeepCopyInto(out *PreSignedAuth) { + *out = *in + if in.Payment != nil { + out.Payment = deepCopyJSONMap(in.Payment) + } +} + +// DeepCopy returns a deep copy of the receiver. +func (in *PreSignedAuth) DeepCopy() *PreSignedAuth { + if in == nil { + return nil + } + out := new(PreSignedAuth) + in.DeepCopyInto(out) + return out +} + +// deepCopyJSONMap walks an opaque JSON-decoded map[string]interface{} +// tree and returns a structurally identical copy. Handles the nested +// shapes the x402 PaymentPayload uses (object, array, scalar). +func deepCopyJSONMap(in map[string]interface{}) map[string]interface{} { + if in == nil { + return nil + } + out := make(map[string]interface{}, len(in)) + for k, v := range in { + out[k] = deepCopyJSONValue(v) + } + return out +} + +func deepCopyJSONValue(v interface{}) interface{} { + switch t := v.(type) { + case map[string]interface{}: + return deepCopyJSONMap(t) + case []interface{}: + out := make([]interface{}, len(t)) + for i, item := range t { + out[i] = deepCopyJSONValue(item) + } + return out + default: + // Strings, numbers, bools, nil — value types, safe to share. + return v + } +} diff --git a/internal/monetizeapi/doc.go b/internal/monetizeapi/doc.go new file mode 100644 index 00000000..63ab340c --- /dev/null +++ b/internal/monetizeapi/doc.go @@ -0,0 +1,16 @@ +// Package monetizeapi defines the Custom Resource Definitions for the +// Obol Stack monetize subsystem. +// +// The Go types in this package are the single source of truth for the +// CRD OpenAPI schemas embedded under +// internal/embed/infrastructure/base/templates/*-crd.yaml. +// +// Edit a field or marker here, then run `just generate` to regenerate +// the CRD YAML manifests + zz_generated_deepcopy.go from kubebuilder +// markers. CI fails if the working tree is dirty after that command +// runs (see .github/workflows/lint-test.yaml::generate-check). +// +// +kubebuilder:object:generate=true +// +groupName=obol.org +// +versionName=v1alpha1 +package monetizeapi diff --git a/internal/monetizeapi/types.go b/internal/monetizeapi/types.go index 6e905eee..ac104b7c 100644 --- a/internal/monetizeapi/types.go +++ b/internal/monetizeapi/types.go @@ -61,6 +61,21 @@ var ( PVCGVR = schema.GroupVersionResource{Group: "", Version: "v1", Resource: "persistentvolumeclaims"} ) +// ── ServiceOffer ──────────────────────────────────────────────────────────── + +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced,shortName=so +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Type",type=string,JSONPath=`.spec.type` +// +kubebuilder:printcolumn:name="Model",type=string,JSONPath=`.spec.model.name` +// +kubebuilder:printcolumn:name="Price",type=string,JSONPath=`.spec.payment.price.perRequest` +// +kubebuilder:printcolumn:name="Network",type=string,JSONPath=`.spec.payment.network` +// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// ServiceOffer declares a compute service that can be exposed publicly, +// gated with x402 payments, and optionally registered on an ERC-8004 +// service registry. Field names align with x402 and ERC-8004 standards. type ServiceOffer struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -68,14 +83,48 @@ type ServiceOffer struct { Status ServiceOfferStatus `json:"status,omitempty"` } +// +kubebuilder:object:root=true + +// ServiceOfferList is the list form for kubectl/list operations. +type ServiceOfferList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ServiceOffer `json:"items"` +} + type ServiceOfferSpec struct { - Type string `json:"type,omitempty"` - Agent ServiceOfferAgent `json:"agent,omitempty"` - Model ServiceOfferModel `json:"model,omitempty"` - Upstream ServiceOfferUpstream `json:"upstream,omitempty"` - Payment ServiceOfferPayment `json:"payment,omitempty"` - Path string `json:"path,omitempty"` - Provenance map[string]string `json:"provenance,omitempty"` + // Service type. 'inference' enables model management; 'http' for any HTTP + // service; 'agent' references an Agent CR via spec.agent.ref and the + // controller derives upstream + model + skills from the agent's status. + // +kubebuilder:default="http" + // +kubebuilder:validation:Enum=inference;fine-tuning;http;agent + Type string `json:"type,omitempty"` + + // Required when type='agent'. The controller resolves spec.agent.ref to + // the referenced Agent CR, derives upstream from Agent.status.endpoint, + // and surfaces the agent's pinned model + skills in the 402 response. + Agent ServiceOfferAgent `json:"agent,omitempty"` + + // LLM model metadata. Required when the upstream serves an LLM. + Model ServiceOfferModel `json:"model,omitempty"` + + // In-cluster service that handles the actual workload. + Upstream ServiceOfferUpstream `json:"upstream,omitempty"` + + // +kubebuilder:validation:Required + Payment ServiceOfferPayment `json:"payment"` + + // URL path prefix for the HTTPRoute, defaults to /services/. + // +kubebuilder:validation:Pattern=`^/[a-zA-Z0-9/_.-]*$` + Path string `json:"path,omitempty"` + + // Optional provenance metadata for the service. Tracks how the model or + // service was produced (e.g. autoresearch experiment data). Included in + // the ERC-8004 registration document when present. + Provenance map[string]string `json:"provenance,omitempty"` + + // ERC-8004 registration metadata. Field names align with the + // AgentRegistration document schema (ERC-8004 spec). Registration ServiceOfferRegistration `json:"registration,omitempty"` } @@ -88,72 +137,148 @@ type ServiceOfferAgent struct { } type ServiceOfferAgentRef struct { - Name string `json:"name,omitempty"` - Namespace string `json:"namespace,omitempty"` + // +kubebuilder:validation:Required + Name string `json:"name"` + // +kubebuilder:validation:Required + Namespace string `json:"namespace"` } type ServiceOfferModel struct { - Name string `json:"name,omitempty"` - Runtime string `json:"runtime,omitempty"` + // Model identifier (e.g. qwen3.5:35b). + // +kubebuilder:validation:Required + Name string `json:"name"` + // Runtime serving the model. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=ollama;vllm;tgi + Runtime string `json:"runtime"` } type ServiceOfferUpstream struct { - Service string `json:"service,omitempty"` - Namespace string `json:"namespace,omitempty"` - Port int64 `json:"port,omitempty"` + // Kubernetes Service name. + // +kubebuilder:validation:Required + Service string `json:"service"` + // Namespace of the upstream Service. + // +kubebuilder:validation:Required + Namespace string `json:"namespace"` + // Port on the upstream Service. + // +kubebuilder:validation:Required + // +kubebuilder:default=11434 + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + Port int64 `json:"port"` + // HTTP path used for health probes against the upstream. + // +kubebuilder:default="/health" HealthPath string `json:"healthPath,omitempty"` } type ServiceOfferPayment struct { - Scheme string `json:"scheme,omitempty"` - Network string `json:"network,omitempty"` - PayTo string `json:"payTo,omitempty"` - MaxTimeoutSeconds int64 `json:"maxTimeoutSeconds,omitempty"` - Asset ServiceOfferAsset `json:"asset,omitempty"` - Price ServiceOfferPriceTable `json:"price,omitempty"` + // x402 payment scheme. + // +kubebuilder:default="exact" + // +kubebuilder:validation:Enum=exact + Scheme string `json:"scheme,omitempty"` + // Chain identifier for payments (human-friendly). Reconciler resolves + // to CAIP-2 format (e.g., "base-sepolia" → "eip155:84532"). + // +kubebuilder:validation:Required + Network string `json:"network"` + // USDC recipient wallet address (x402: payTo). + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern=`^0x[0-9a-fA-F]{40}$` + PayTo string `json:"payTo"` + // Payment validity window in seconds (x402: maxTimeoutSeconds). + // +kubebuilder:default=300 + MaxTimeoutSeconds int64 `json:"maxTimeoutSeconds,omitempty"` + // Optional token metadata override for x402 settlement. When omitted, + // the verifier uses the chain default asset. + Asset ServiceOfferAsset `json:"asset,omitempty"` + // Pricing table with per-unit prices in USDC (human-readable decimals). + // Which fields are applicable depends on the workload type. + // +kubebuilder:validation:Required + Price ServiceOfferPriceTable `json:"price"` } type ServiceOfferAsset struct { - Address string `json:"address,omitempty"` - Symbol string `json:"symbol,omitempty"` - Decimals int64 `json:"decimals,omitempty"` + // ERC-20 contract address. + // +kubebuilder:validation:Pattern=`^0x[0-9a-fA-F]{40}$` + Address string `json:"address,omitempty"` + // Human-friendly token symbol (e.g. USDC, OBOL). + Symbol string `json:"symbol,omitempty"` + // Token decimals in atomic units. + // +kubebuilder:validation:Minimum=0 + // +kubebuilder:validation:Maximum=255 + Decimals int64 `json:"decimals,omitempty"` + // x402 transfer method for the asset. + // +kubebuilder:validation:Enum=eip3009;permit2 TransferMethod string `json:"transferMethod,omitempty"` - EIP712Name string `json:"eip712Name,omitempty"` - EIP712Version string `json:"eip712Version,omitempty"` + // EIP-712 domain name used by the token. + EIP712Name string `json:"eip712Name,omitempty"` + // EIP-712 domain version used by the token. + EIP712Version string `json:"eip712Version,omitempty"` } type ServiceOfferPriceTable struct { + // Flat per-request price in USDC. Applicable to all types. PerRequest string `json:"perRequest,omitempty"` - PerMTok string `json:"perMTok,omitempty"` - PerHour string `json:"perHour,omitempty"` - PerEpoch string `json:"perEpoch,omitempty"` + // Per-million-tokens price in USDC. Inference only. + PerMTok string `json:"perMTok,omitempty"` + // Per-compute-hour price in USDC. Fine-tuning only. + PerHour string `json:"perHour,omitempty"` + // Per-training-epoch price in USDC. Fine-tuning only. + PerEpoch string `json:"perEpoch,omitempty"` } type ServiceOfferRegistration struct { - Enabled bool `json:"enabled,omitempty"` - Name string `json:"name,omitempty"` - Description string `json:"description,omitempty"` - Image string `json:"image,omitempty"` - Services []ServiceOfferService `json:"services,omitempty"` - SupportedTrust []string `json:"supportedTrust,omitempty"` - Skills []string `json:"skills,omitempty"` - Domains []string `json:"domains,omitempty"` - Metadata map[string]string `json:"metadata,omitempty"` + // If true, register on ERC-8004 after routing is live. + // +kubebuilder:default=false + Enabled bool `json:"enabled,omitempty"` + // Agent name (ERC-8004: AgentRegistration.name). + Name string `json:"name,omitempty"` + // Agent description (ERC-8004: AgentRegistration.description). + Description string `json:"description,omitempty"` + // Agent icon URL (ERC-8004: AgentRegistration.image). + Image string `json:"image,omitempty"` + // Service endpoints (ERC-8004: AgentRegistration.services[]). + Services []ServiceOfferService `json:"services,omitempty"` + // Trust verification methods (ERC-8004: AgentRegistration.supportedTrust[]). + // Valid values: reputation, crypto-economic, tee-attestation. + SupportedTrust []string `json:"supportedTrust,omitempty"` + // OASF skills for discovery (e.g. + // natural_language_processing/text_generation). Mapped to an OASF + // service entry in the registration JSON. + Skills []string `json:"skills,omitempty"` + // OASF domains for discovery (e.g. technology/artificial_intelligence). + // Mapped to an OASF service entry in the registration JSON. + Domains []string `json:"domains,omitempty"` + // Additional registration metadata published into the generated + // agent-registration.json for discovery and ranking. + Metadata map[string]string `json:"metadata,omitempty"` } type ServiceOfferService struct { - Name string `json:"name,omitempty"` - Endpoint string `json:"endpoint,omitempty"` - Version string `json:"version,omitempty"` + // Service type: web, A2A, MCP, OASF, ENS, DID, email. + // +kubebuilder:validation:Required + Name string `json:"name"` + // Service URL. Auto-filled from tunnel URL if empty. + // +kubebuilder:validation:Required + Endpoint string `json:"endpoint"` + // Protocol version (SHOULD per ERC-8004 spec). + Version string `json:"version,omitempty"` } type ServiceOfferStatus struct { - Conditions []Condition `json:"conditions,omitempty"` - Endpoint string `json:"endpoint,omitempty"` - AgentID string `json:"agentId,omitempty"` - RegistrationTxHash string `json:"registrationTxHash,omitempty"` - ObservedGeneration int64 `json:"observedGeneration,omitempty"` - AgentResolution *ServiceOfferAgentResolution `json:"agentResolution,omitempty"` + // Condition types: ModelReady, UpstreamHealthy, PaymentGateReady, + // RoutePublished, Registered, Ready. + Conditions []Condition `json:"conditions,omitempty"` + // The public endpoint URL once the route is published. + Endpoint string `json:"endpoint,omitempty"` + // ERC-8004 agent NFT token ID after on-chain registration. + AgentID string `json:"agentId,omitempty"` + // Transaction hash of the ERC-8004 registration. + RegistrationTxHash string `json:"registrationTxHash,omitempty"` + // The generation observed by the controller. + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + // Controller's resolved view of an agent-type offer's referenced Agent. + // Populated only when type=agent and the Agent is Ready. + AgentResolution *ServiceOfferAgentResolution `json:"agentResolution,omitempty"` } // ServiceOfferAgentResolution is the controller's resolved view of an @@ -169,13 +294,35 @@ type ServiceOfferAgentResolution struct { } type Condition struct { - Type string `json:"type"` - Status string `json:"status"` - Reason string `json:"reason,omitempty"` - Message string `json:"message,omitempty"` + // Condition type. + // +kubebuilder:validation:Required + Type string `json:"type"` + // Status of the condition. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=True;False;Unknown + Status string `json:"status"` + // Machine-readable reason for the condition. + Reason string `json:"reason,omitempty"` + // Human-readable message with details. + Message string `json:"message,omitempty"` + // Last time the condition transitioned. LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"` } +// ── RegistrationRequest ───────────────────────────────────────────────────── + +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced,shortName=rr +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Offer",type=string,JSONPath=`.spec.serviceOfferName` +// +kubebuilder:printcolumn:name="State",type=string,JSONPath=`.spec.desiredState` +// +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase` +// +kubebuilder:printcolumn:name="AgentID",type=string,JSONPath=`.status.agentId` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// RegistrationRequest isolates ERC-8004 publication and on-chain side +// effects from the main ServiceOffer reconciliation loop. ServiceOffer +// remains the source of truth. type RegistrationRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -183,11 +330,25 @@ type RegistrationRequest struct { Status RegistrationRequestStatus `json:"status,omitempty"` } +// +kubebuilder:object:root=true + +// RegistrationRequestList is the list form for kubectl/list operations. +type RegistrationRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []RegistrationRequest `json:"items"` +} + type RegistrationRequestSpec struct { - ServiceOfferName string `json:"serviceOfferName,omitempty"` - ServiceOfferNamespace string `json:"serviceOfferNamespace,omitempty"` - DesiredState string `json:"desiredState,omitempty"` - Chain string `json:"chain,omitempty"` + // +kubebuilder:validation:Required + ServiceOfferName string `json:"serviceOfferName"` + // +kubebuilder:validation:Required + ServiceOfferNamespace string `json:"serviceOfferNamespace"` + // +kubebuilder:validation:Required + // +kubebuilder:validation:Enum=Active;Tombstoned + DesiredState string `json:"desiredState"` + // ERC-8004 registration chain alias for this request. + Chain string `json:"chain,omitempty"` } type RegistrationRequestStatus struct { @@ -247,6 +408,19 @@ func (o *ServiceOffer) IsPaused() bool { // ── PurchaseRequest ───────────────────────────────────────────────────────── +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced,shortName=pr +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Endpoint",type=string,JSONPath=`.spec.endpoint` +// +kubebuilder:printcolumn:name="Model",type=string,JSONPath=`.spec.model` +// +kubebuilder:printcolumn:name="Price",type=string,JSONPath=`.spec.payment.price` +// +kubebuilder:printcolumn:name="Remaining",type=integer,JSONPath=`.status.remaining` +// +kubebuilder:printcolumn:name="Spent",type=integer,JSONPath=`.status.spent` +// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// PurchaseRequest is the buyer-side request for pre-signed x402 auths +// against a remote inference endpoint. type PurchaseRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -254,57 +428,110 @@ type PurchaseRequest struct { Status PurchaseRequestStatus `json:"status,omitempty"` } +// +kubebuilder:object:root=true + +// PurchaseRequestList is the list form for kubectl/list operations. +type PurchaseRequestList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []PurchaseRequest `json:"items"` +} + type PurchaseRequestSpec struct { - Endpoint string `json:"endpoint"` - Model string `json:"model"` - Count int `json:"count"` + // Full URL to the x402-gated inference endpoint. + // +kubebuilder:validation:Required + Endpoint string `json:"endpoint"` + // Remote model ID (used as paid/ in LiteLLM). + // +kubebuilder:validation:Required + Model string `json:"model"` + // Number of pre-signed auths to create. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=2500 + Count int `json:"count"` + // Pre-signed x402 payments (legacy ERC-3009 auths still supported). PreSignedAuths []PreSignedAuth `json:"preSignedAuths,omitempty"` AutoRefill PurchaseAutoRefill `json:"autoRefill,omitempty"` - Payment PurchasePayment `json:"payment"` + // +kubebuilder:validation:Required + Payment PurchasePayment `json:"payment"` } +// +kubebuilder:object:generate=false + +// PreSignedAuth carries a pre-signed x402 payment authorization. The +// Payment map is opaque (forwarded verbatim to the buyer sidecar / x402 +// facilitator) which can't be deep-copied by controller-gen; DeepCopy +// methods for this type are hand-written in deepcopy_manual.go. type PreSignedAuth struct { - ID string `json:"id,omitempty"` + ID string `json:"id,omitempty"` + // +kubebuilder:pruning:PreserveUnknownFields + // +kubebuilder:validation:Schemaless Payment map[string]interface{} `json:"payment,omitempty"` - Signature string `json:"signature"` - From string `json:"from"` - To string `json:"to"` - Value string `json:"value"` - ValidAfter string `json:"validAfter"` - ValidBefore string `json:"validBefore"` - Nonce string `json:"nonce"` -} - + Signature string `json:"signature,omitempty"` + From string `json:"from,omitempty"` + To string `json:"to,omitempty"` + Value string `json:"value,omitempty"` + ValidAfter string `json:"validAfter,omitempty"` + ValidBefore string `json:"validBefore,omitempty"` + Nonce string `json:"nonce,omitempty"` +} + +// PurchaseAutoRefill drives the agent-managed auto-refill policy for a +// PurchaseRequest. The reconciler reads MaxTotal + MaxSpendPerDay as +// budget caps before signing more auths; without these fields populated +// the agent will not auto-refill beyond the initial Count. type PurchaseAutoRefill struct { - Enabled bool `json:"enabled,omitempty"` - Threshold int `json:"threshold,omitempty"` - Count int `json:"count,omitempty"` + // +kubebuilder:default=false + Enabled bool `json:"enabled,omitempty"` + // Refill when remaining < threshold. + // +kubebuilder:validation:Minimum=0 + Threshold int `json:"threshold,omitempty"` + // Number of auths to sign on refill. + // +kubebuilder:validation:Minimum=1 + Count int `json:"count,omitempty"` + // Cap total auths ever signed. + MaxTotal int `json:"maxTotal,omitempty"` + // Max micro-USDC spend per day. + MaxSpendPerDay string `json:"maxSpendPerDay,omitempty"` } type PurchasePayment struct { - Network string `json:"network"` - PayTo string `json:"payTo"` - Price string `json:"price"` - Asset string `json:"asset"` - AssetSymbol string `json:"assetSymbol,omitempty"` - AssetDecimals int64 `json:"assetDecimals,omitempty"` + // +kubebuilder:validation:Required + Network string `json:"network"` + // +kubebuilder:validation:Required + PayTo string `json:"payTo"` + // Atomic token units per request. + // +kubebuilder:validation:Required + Price string `json:"price"` + // ERC-20 contract address. + // +kubebuilder:validation:Required + Asset string `json:"asset"` + // Human-friendly token symbol (e.g. USDC, OBOL). + AssetSymbol string `json:"assetSymbol,omitempty"` + // Token decimals in atomic units. + AssetDecimals int64 `json:"assetDecimals,omitempty"` + // x402 transfer method used for this asset. AssetTransferMethod string `json:"assetTransferMethod,omitempty"` - EIP712Name string `json:"eip712Name,omitempty"` - EIP712Version string `json:"eip712Version,omitempty"` + // EIP-712 domain name used for signing. + EIP712Name string `json:"eip712Name,omitempty"` + // EIP-712 domain version used for signing. + EIP712Version string `json:"eip712Version,omitempty"` } type PurchaseRequestStatus struct { ObservedGeneration int64 `json:"observedGeneration,omitempty"` Conditions []Condition `json:"conditions,omitempty"` - PublicModel string `json:"publicModel,omitempty"` - Remaining int `json:"remaining,omitempty"` - Spent int `json:"spent,omitempty"` - TotalSigned int `json:"totalSigned,omitempty"` - TotalSpent string `json:"totalSpent,omitempty"` - ProbedAt string `json:"probedAt,omitempty"` - ProbedPrice string `json:"probedPrice,omitempty"` - WalletBalance string `json:"walletBalance,omitempty"` - SignerAddress string `json:"signerAddress,omitempty"` + // LiteLLM model name (paid/). + PublicModel string `json:"publicModel,omitempty"` + Remaining int `json:"remaining,omitempty"` + Spent int `json:"spent,omitempty"` + TotalSigned int `json:"totalSigned,omitempty"` + TotalSpent string `json:"totalSpent,omitempty"` + // +kubebuilder:validation:Format=date-time + ProbedAt string `json:"probedAt,omitempty"` + ProbedPrice string `json:"probedPrice,omitempty"` + WalletBalance string `json:"walletBalance,omitempty"` + SignerAddress string `json:"signerAddress,omitempty"` } func (pr *PurchaseRequest) EffectiveBuyerNamespace() string { @@ -313,6 +540,21 @@ func (pr *PurchaseRequest) EffectiveBuyerNamespace() string { // ── Agent ─────────────────────────────────────────────────────────────────── +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced,shortName=ag +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Runtime",type=string,JSONPath=`.spec.runtime` +// +kubebuilder:printcolumn:name="Model",type=string,JSONPath=`.status.pinnedModel` +// +kubebuilder:printcolumn:name="Wallet",type=string,JSONPath=`.status.walletAddress` +// +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.status.phase` +// +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// Agent is the declarative spec for an Obol Stack agent (Hermes today, +// OpenClaw later). Decouples agent lifecycle from selling: `obol sell +// agent ` references an existing Agent rather than provisioning +// one inline. Internal manager agents with RBAC can also create Agent +// resources to spawn sub-agents. type Agent struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -320,25 +562,58 @@ type Agent struct { Status AgentStatus `json:"status,omitempty"` } +// +kubebuilder:object:root=true + +// AgentList is the list form for kubectl/list operations. +type AgentList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Agent `json:"items"` +} + type AgentSpec struct { - Runtime string `json:"runtime,omitempty"` - Model string `json:"model,omitempty"` - Skills []string `json:"skills,omitempty"` + // Agent runtime (only hermes today; openclaw planned). + // +kubebuilder:default=hermes + // +kubebuilder:validation:Enum=hermes + Runtime string `json:"runtime,omitempty"` + // LiteLLM model name to pin. Empty = controller picks cluster + // top-of-rank on first deploy and writes status.pinnedModel. + // +kubebuilder:validation:MaxLength=256 + Model string `json:"model,omitempty"` + // Allow-listed skills written to the per-agent skills dir on first + // reconcile. Agent can edit afterwards; this is a seed, not a sandbox. + // +kubebuilder:validation:MaxItems=64 + // +kubebuilder:validation:items:Pattern=`^[a-z0-9][a-z0-9-]*$` + // +kubebuilder:validation:items:MaxLength=64 + Skills []string `json:"skills,omitempty"` + // Operator-supplied objective text. Substituted into the SOUL.md + // template by the seeder on first write. Agent owns SOUL.md after that. + // +kubebuilder:validation:MaxLength=4096 Objective string `json:"objective,omitempty"` Wallet AgentWallet `json:"wallet,omitempty"` } type AgentWallet struct { + // Provision a per-namespace remote-signer keystore. Address is + // published in status.walletAddress. + // +kubebuilder:default=false Create bool `json:"create,omitempty"` } type AgentStatus struct { - ObservedGeneration int64 `json:"observedGeneration,omitempty"` - Phase string `json:"phase,omitempty"` - PinnedModel string `json:"pinnedModel,omitempty"` - WalletAddress string `json:"walletAddress,omitempty"` - Endpoint string `json:"endpoint,omitempty"` - Conditions []Condition `json:"conditions,omitempty"` + ObservedGeneration int64 `json:"observedGeneration,omitempty"` + // Pending | Provisioning | Ready | Failed + Phase string `json:"phase,omitempty"` + // Actual model the agent is using (= spec.model when set, otherwise + // the auto-picked top-of-rank). + PinnedModel string `json:"pinnedModel,omitempty"` + // Agent's signing address when wallet.create=true. Empty otherwise. + // +kubebuilder:validation:Pattern=`^(0x[0-9a-fA-F]{40})?$` + WalletAddress string `json:"walletAddress,omitempty"` + // Cluster-internal URL for the agent runtime (e.g. + // http://hermes.agent-quant.svc.cluster.local:8642). + Endpoint string `json:"endpoint,omitempty"` + Conditions []Condition `json:"conditions,omitempty"` } func (a *Agent) EffectiveRuntime() string { @@ -363,12 +638,22 @@ func (a *Agent) IsReady() bool { return a.Status.Phase == AgentPhaseReady } -// AgentIdentity is the durable, on-chain identity an operator controls in the -// ERC-8004 Identity Registry. A single AgentIdentity outlives ServiceOffers: -// deleting the last ServiceOffer that references it does not delete the NFT, -// the published registration document, or the recorded agentId; instead the -// renderer publishes a tombstone (active:false, x402Support:false) so external -// observers still see the historical record. +// ── AgentIdentity ─────────────────────────────────────────────────────────── + +// +kubebuilder:object:root=true +// +kubebuilder:resource:scope=Namespaced,shortName=aid +// +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Chains",type=string,JSONPath=`.status.registrations[*].chain` +// +kubebuilder:printcolumn:name="AgentIDs",type=string,JSONPath=`.status.registrations[*].agentId` +// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp` + +// AgentIdentity is the durable, on-chain identity an operator controls in +// the ERC-8004 Identity Registry. A single AgentIdentity outlives +// ServiceOffers: deleting the last ServiceOffer that references it does +// not delete the NFT, the published registration document, or the +// recorded agentId; instead the renderer publishes a tombstone +// (active:false, x402Support:false) so external observers still see the +// historical record. type AgentIdentity struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -376,16 +661,31 @@ type AgentIdentity struct { Status AgentIdentityStatus `json:"status,omitempty"` } +// +kubebuilder:object:root=true + +// AgentIdentityList is the list form for kubectl/list operations. +type AgentIdentityList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []AgentIdentity `json:"items"` +} + type AgentIdentitySpec struct { } type AgentIdentityStatus struct { + // Per-chain ERC-8004 registrations for this identity document. Registrations []AgentIdentityRegistration `json:"registrations,omitempty"` } type AgentIdentityRegistration struct { - Chain string `json:"chain,omitempty"` - AgentID string `json:"agentId,omitempty"` + // ERC-8004 registration chain alias. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MaxLength=64 + Chain string `json:"chain"` + // On-chain ERC-721 tokenId on the given chain. + // +kubebuilder:validation:Required + AgentID string `json:"agentId"` } func AgentIdentityAgentIDForChain(status AgentIdentityStatus, chain string) string { diff --git a/internal/monetizeapi/zz_generated.deepcopy.go b/internal/monetizeapi/zz_generated.deepcopy.go new file mode 100644 index 00000000..ca9fdb32 --- /dev/null +++ b/internal/monetizeapi/zz_generated.deepcopy.go @@ -0,0 +1,775 @@ +//go:build !ignore_autogenerated + +// Code generated by controller-gen. DO NOT EDIT. + +// Code generated by controller-gen. DO NOT EDIT. + +package monetizeapi + +import ( + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Agent) DeepCopyInto(out *Agent) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Agent. +func (in *Agent) DeepCopy() *Agent { + if in == nil { + return nil + } + out := new(Agent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Agent) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentIdentity) DeepCopyInto(out *AgentIdentity) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentIdentity. +func (in *AgentIdentity) DeepCopy() *AgentIdentity { + if in == nil { + return nil + } + out := new(AgentIdentity) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AgentIdentity) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentIdentityList) DeepCopyInto(out *AgentIdentityList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]AgentIdentity, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentIdentityList. +func (in *AgentIdentityList) DeepCopy() *AgentIdentityList { + if in == nil { + return nil + } + out := new(AgentIdentityList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AgentIdentityList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentIdentityRegistration) DeepCopyInto(out *AgentIdentityRegistration) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentIdentityRegistration. +func (in *AgentIdentityRegistration) DeepCopy() *AgentIdentityRegistration { + if in == nil { + return nil + } + out := new(AgentIdentityRegistration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentIdentitySpec) DeepCopyInto(out *AgentIdentitySpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentIdentitySpec. +func (in *AgentIdentitySpec) DeepCopy() *AgentIdentitySpec { + if in == nil { + return nil + } + out := new(AgentIdentitySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentIdentityStatus) DeepCopyInto(out *AgentIdentityStatus) { + *out = *in + if in.Registrations != nil { + in, out := &in.Registrations, &out.Registrations + *out = make([]AgentIdentityRegistration, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentIdentityStatus. +func (in *AgentIdentityStatus) DeepCopy() *AgentIdentityStatus { + if in == nil { + return nil + } + out := new(AgentIdentityStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentList) DeepCopyInto(out *AgentList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Agent, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentList. +func (in *AgentList) DeepCopy() *AgentList { + if in == nil { + return nil + } + out := new(AgentList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *AgentList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentSpec) DeepCopyInto(out *AgentSpec) { + *out = *in + if in.Skills != nil { + in, out := &in.Skills, &out.Skills + *out = make([]string, len(*in)) + copy(*out, *in) + } + out.Wallet = in.Wallet +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentSpec. +func (in *AgentSpec) DeepCopy() *AgentSpec { + if in == nil { + return nil + } + out := new(AgentSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentStatus) DeepCopyInto(out *AgentStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentStatus. +func (in *AgentStatus) DeepCopy() *AgentStatus { + if in == nil { + return nil + } + out := new(AgentStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AgentWallet) DeepCopyInto(out *AgentWallet) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AgentWallet. +func (in *AgentWallet) DeepCopy() *AgentWallet { + if in == nil { + return nil + } + out := new(AgentWallet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Condition) DeepCopyInto(out *Condition) { + *out = *in + in.LastTransitionTime.DeepCopyInto(&out.LastTransitionTime) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Condition. +func (in *Condition) DeepCopy() *Condition { + if in == nil { + return nil + } + out := new(Condition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchaseAutoRefill) DeepCopyInto(out *PurchaseAutoRefill) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchaseAutoRefill. +func (in *PurchaseAutoRefill) DeepCopy() *PurchaseAutoRefill { + if in == nil { + return nil + } + out := new(PurchaseAutoRefill) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchasePayment) DeepCopyInto(out *PurchasePayment) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchasePayment. +func (in *PurchasePayment) DeepCopy() *PurchasePayment { + if in == nil { + return nil + } + out := new(PurchasePayment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchaseRequest) DeepCopyInto(out *PurchaseRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchaseRequest. +func (in *PurchaseRequest) DeepCopy() *PurchaseRequest { + if in == nil { + return nil + } + out := new(PurchaseRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PurchaseRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchaseRequestList) DeepCopyInto(out *PurchaseRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PurchaseRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchaseRequestList. +func (in *PurchaseRequestList) DeepCopy() *PurchaseRequestList { + if in == nil { + return nil + } + out := new(PurchaseRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PurchaseRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchaseRequestSpec) DeepCopyInto(out *PurchaseRequestSpec) { + *out = *in + if in.PreSignedAuths != nil { + in, out := &in.PreSignedAuths, &out.PreSignedAuths + *out = make([]PreSignedAuth, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + out.AutoRefill = in.AutoRefill + out.Payment = in.Payment +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchaseRequestSpec. +func (in *PurchaseRequestSpec) DeepCopy() *PurchaseRequestSpec { + if in == nil { + return nil + } + out := new(PurchaseRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PurchaseRequestStatus) DeepCopyInto(out *PurchaseRequestStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PurchaseRequestStatus. +func (in *PurchaseRequestStatus) DeepCopy() *PurchaseRequestStatus { + if in == nil { + return nil + } + out := new(PurchaseRequestStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrationRequest) DeepCopyInto(out *RegistrationRequest) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrationRequest. +func (in *RegistrationRequest) DeepCopy() *RegistrationRequest { + if in == nil { + return nil + } + out := new(RegistrationRequest) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RegistrationRequest) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrationRequestList) DeepCopyInto(out *RegistrationRequestList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]RegistrationRequest, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrationRequestList. +func (in *RegistrationRequestList) DeepCopy() *RegistrationRequestList { + if in == nil { + return nil + } + out := new(RegistrationRequestList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *RegistrationRequestList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrationRequestSpec) DeepCopyInto(out *RegistrationRequestSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrationRequestSpec. +func (in *RegistrationRequestSpec) DeepCopy() *RegistrationRequestSpec { + if in == nil { + return nil + } + out := new(RegistrationRequestSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RegistrationRequestStatus) DeepCopyInto(out *RegistrationRequestStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RegistrationRequestStatus. +func (in *RegistrationRequestStatus) DeepCopy() *RegistrationRequestStatus { + if in == nil { + return nil + } + out := new(RegistrationRequestStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOffer) DeepCopyInto(out *ServiceOffer) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOffer. +func (in *ServiceOffer) DeepCopy() *ServiceOffer { + if in == nil { + return nil + } + out := new(ServiceOffer) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceOffer) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferAgent) DeepCopyInto(out *ServiceOfferAgent) { + *out = *in + out.Ref = in.Ref +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferAgent. +func (in *ServiceOfferAgent) DeepCopy() *ServiceOfferAgent { + if in == nil { + return nil + } + out := new(ServiceOfferAgent) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferAgentRef) DeepCopyInto(out *ServiceOfferAgentRef) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferAgentRef. +func (in *ServiceOfferAgentRef) DeepCopy() *ServiceOfferAgentRef { + if in == nil { + return nil + } + out := new(ServiceOfferAgentRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferAgentResolution) DeepCopyInto(out *ServiceOfferAgentResolution) { + *out = *in + if in.Skills != nil { + in, out := &in.Skills, &out.Skills + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferAgentResolution. +func (in *ServiceOfferAgentResolution) DeepCopy() *ServiceOfferAgentResolution { + if in == nil { + return nil + } + out := new(ServiceOfferAgentResolution) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferAsset) DeepCopyInto(out *ServiceOfferAsset) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferAsset. +func (in *ServiceOfferAsset) DeepCopy() *ServiceOfferAsset { + if in == nil { + return nil + } + out := new(ServiceOfferAsset) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferList) DeepCopyInto(out *ServiceOfferList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ServiceOffer, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferList. +func (in *ServiceOfferList) DeepCopy() *ServiceOfferList { + if in == nil { + return nil + } + out := new(ServiceOfferList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ServiceOfferList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferModel) DeepCopyInto(out *ServiceOfferModel) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferModel. +func (in *ServiceOfferModel) DeepCopy() *ServiceOfferModel { + if in == nil { + return nil + } + out := new(ServiceOfferModel) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferPayment) DeepCopyInto(out *ServiceOfferPayment) { + *out = *in + out.Asset = in.Asset + out.Price = in.Price +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferPayment. +func (in *ServiceOfferPayment) DeepCopy() *ServiceOfferPayment { + if in == nil { + return nil + } + out := new(ServiceOfferPayment) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferPriceTable) DeepCopyInto(out *ServiceOfferPriceTable) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferPriceTable. +func (in *ServiceOfferPriceTable) DeepCopy() *ServiceOfferPriceTable { + if in == nil { + return nil + } + out := new(ServiceOfferPriceTable) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferRegistration) DeepCopyInto(out *ServiceOfferRegistration) { + *out = *in + if in.Services != nil { + in, out := &in.Services, &out.Services + *out = make([]ServiceOfferService, len(*in)) + copy(*out, *in) + } + if in.SupportedTrust != nil { + in, out := &in.SupportedTrust, &out.SupportedTrust + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Skills != nil { + in, out := &in.Skills, &out.Skills + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Domains != nil { + in, out := &in.Domains, &out.Domains + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Metadata != nil { + in, out := &in.Metadata, &out.Metadata + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferRegistration. +func (in *ServiceOfferRegistration) DeepCopy() *ServiceOfferRegistration { + if in == nil { + return nil + } + out := new(ServiceOfferRegistration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferService) DeepCopyInto(out *ServiceOfferService) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferService. +func (in *ServiceOfferService) DeepCopy() *ServiceOfferService { + if in == nil { + return nil + } + out := new(ServiceOfferService) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferSpec) DeepCopyInto(out *ServiceOfferSpec) { + *out = *in + out.Agent = in.Agent + out.Model = in.Model + out.Upstream = in.Upstream + out.Payment = in.Payment + if in.Provenance != nil { + in, out := &in.Provenance, &out.Provenance + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + in.Registration.DeepCopyInto(&out.Registration) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferSpec. +func (in *ServiceOfferSpec) DeepCopy() *ServiceOfferSpec { + if in == nil { + return nil + } + out := new(ServiceOfferSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferStatus) DeepCopyInto(out *ServiceOfferStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.AgentResolution != nil { + in, out := &in.AgentResolution, &out.AgentResolution + *out = new(ServiceOfferAgentResolution) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferStatus. +func (in *ServiceOfferStatus) DeepCopy() *ServiceOfferStatus { + if in == nil { + return nil + } + out := new(ServiceOfferStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ServiceOfferUpstream) DeepCopyInto(out *ServiceOfferUpstream) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceOfferUpstream. +func (in *ServiceOfferUpstream) DeepCopy() *ServiceOfferUpstream { + if in == nil { + return nil + } + out := new(ServiceOfferUpstream) + in.DeepCopyInto(out) + return out +} diff --git a/justfile b/justfile index c3cc2996..40d7115c 100644 --- a/justfile +++ b/justfile @@ -81,6 +81,41 @@ dev-frontend-reset: obol kubectl rollout status deployment/obol-frontend-obol-app -n obol-frontend --timeout=120s echo "✓ Frontend reset to released image" +# Regenerate CRD manifests + DeepCopy methods from kubebuilder markers +# in internal/monetizeapi/. The Go types are the single source of truth; +# CI (.github/workflows/lint-test.yaml::generate-check) fails if the +# working tree is dirty after this command runs. See CLAUDE.md for the +# edit-types -> just generate -> commit-both workflow. +generate: + #!/usr/bin/env bash + set -euo pipefail + # DeepCopy methods (zz_generated_deepcopy.go) next to the Go types. + go run sigs.k8s.io/controller-tools/cmd/controller-gen \ + object:headerFile=hack/boilerplate.go.txt \ + paths=./internal/monetizeapi/... + # CRD manifests into the embed dir. controller-gen names files + # obol.org_.yaml; rename to existing -crd.yaml + # naming so embed.FS readers don't need to change. + out=internal/embed/infrastructure/base/templates + go run sigs.k8s.io/controller-tools/cmd/controller-gen \ + crd \ + paths=./internal/monetizeapi/... \ + output:crd:dir="$out" + for f in "$out"/obol.org_*.yaml; do + [ -e "$f" ] || continue + plural=$(basename "$f" .yaml | sed 's/^obol\.org_//') + case "$plural" in + agentidentities) target="agentidentity-crd.yaml" ;; + agents) target="agent-crd.yaml" ;; + purchaserequests) target="purchaserequest-crd.yaml" ;; + registrationrequests) target="registrationrequest-crd.yaml" ;; + serviceoffers) target="serviceoffer-crd.yaml" ;; + *) target="${plural%s}-crd.yaml" ;; + esac + mv "$f" "$out/$target" + done + echo "✓ Regenerated CRDs and DeepCopy methods" + # Install pre-commit hooks (run once after cloning) setup: #!/usr/bin/env bash diff --git a/tools/tools.go b/tools/tools.go new file mode 100644 index 00000000..b177a3e4 --- /dev/null +++ b/tools/tools.go @@ -0,0 +1,14 @@ +//go:build tools + +// Package tools tracks build-time dependencies that are not imported by +// production code. controller-gen is the canonical source-of-truth tool +// for generating CRD manifests and DeepCopy methods from kubebuilder +// markers on the Go types in internal/monetizeapi. +// +// See `just generate`. CI fails if generated artifacts drift from the +// markers (see .github/workflows/lint-test.yaml::generate-check). +package tools + +import ( + _ "sigs.k8s.io/controller-tools/cmd/controller-gen" +)